AEM 6 SP2 | Sightly html context

Level 4

Hi All,

I have a Sightly expression like

<p>${"Welcome! to <span class='test' data-id='testId'>" @ context='html'} India</span></p> - context is 'html'

and it is rendering as 

<p>Welcome! to  <span class="test"></span> India</span></p> - without data-id attribute in span tag

expected output 

<p>Welcome! to  <span class='test' data-id='testId'> India</span></p>

But when I change the context to unsafe, the same Sightly is rendering as expected

<p>${"Welcome! to <span class='test' data-id='testId'>" @ context='unsafe'} India</span></p> - context is 'unsafe'

rendered as 

<p>Welcome! to  <span class='test' data-id='testId'> India</span></p> 

I do not want to use context as unsafe, how to resolve this?

 

Thanks,

Radhakrishna N

1 Accepted Solution

Correct answer by
Employee Advisor

The data-id attribute is getting stripped because the antisamy API used by AEM for filtering the HTML does not recognize this attribute. You can overlay the config file from /libs/cq/xssprotection/config.xml to apps as  /apps/cq/xssprotection/config.xml and add the new attribute in it as mentioned below to fix this - 

<common-attributes>
    <!-- Add the new attribute inside common-attributes tag -->
    <attribute name="data-id">
        <regexp-list>
            <regexp name="anything"/>
        </regexp-list>
    </attribute>
    |
    |
    |
<!--Find tag name="span" and the new attribute defn. -->
<tag name="span" action="validate">
    <attribute name="data-id"/>
</tag>
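A simplified model of the allowlist filtering described in the answer above, added here as an illustration; it is not AEM's or AntiSamy's code. The policy XML is a constructed reduction of the config layout, and the `htmlClass` pattern and the `TIGHT` variant are assumptions.

```python
import re
import xml.etree.ElementTree as ET
from html import escape
from html.parser import HTMLParser

# Constructed, reduced policy in the AntiSamy layout; NOT AEM's real config.xml.
BASE = """<anti-samy-rules>
 <common-regexps><regexp name="anything" value=".*"/>
  <regexp name="htmlClass" value="[a-zA-Z0-9 _-]+"/></common-regexps>
 <common-attributes><!--COMMON-->
  <attribute name="class"><regexp-list><regexp name="htmlClass"/></regexp-list></attribute>
 </common-attributes>
 <tag-rules><tag name="span" action="validate"><attribute name="class"/><!--SPAN--></tag></tag-rules>
</anti-samy-rules>"""
# The two additions from the answer: define data-id, then reference it on <span>.
OVERLAY = BASE.replace("<!--COMMON-->", '<attribute name="data-id"><regexp-list>'
    '<regexp name="anything"/></regexp-list></attribute>'
    ).replace("<!--SPAN-->", '<attribute name="data-id"/>')
# Assumed variant: same overlay, but data-id values must match a narrower pattern.
TIGHT = OVERLAY.replace('<regexp name="anything"/>', '<regexp name="htmlClass"/>')
SAMPLE = "Welcome! to <span class='test' data-id='testId'>India</span>"  # constructed

def load_policy(xml_text):
    """Return {tag: {attribute: [compiled value patterns]}}."""
    root = ET.fromstring(xml_text)  # XML comments are discarded by the parser
    named = {r.get("name"): r.get("value") for r in root.find("common-regexps")}
    common = {a.get("name"): [re.compile(named[r.get("name")]) for r in a.iter("regexp")]
              for a in root.find("common-attributes")}
    # In this model a tag rule referencing an undefined attribute raises KeyError.
    return {t.get("name"): {a.get("name"): common[a.get("name")] for a in t.findall("attribute")}
            for t in root.find("tag-rules")}

class _Filter(HTMLParser):
    def __init__(self, policy):
        super().__init__(convert_charrefs=True)
        self.policy, self.out = policy, []
    def handle_starttag(self, tag, attrs):
        if tag in self.policy:  # tags without a rule are dropped, their text is kept
            kept = "".join(' %s="%s"' % (k, escape(v or "")) for k, v in attrs
                if any(p.fullmatch(v or "") for p in self.policy[tag].get(k, [])))
            self.out.append("<%s%s>" % (tag, kept))
    def handle_endtag(self, tag):
        if tag in self.policy:
            self.out.append("</%s>" % tag)
    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

def filter_html(markup, policy_xml):
    """Re-emit markup, keeping only attributes the policy allows for each tag."""
    f = _Filter(load_policy(policy_xml))
    f.feed(markup); f.close()
    return "".join(f.out)
```

Unlike the real filter, this model does not rebalance unclosed tags, so the sample input uses a closed `<span>`.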


4 Replies

Level 4

Thanks Kunal, it worked. Is it anywhere documented in Sightly documentation? 

Thanks,

Radhakrishna N

Employee

It is more implicit; all output by Sightly is escaped via the XSS-api.

Level 2

For some reason this is not working for <a> tags in AEM 6.4. Any other ideas?